Re: Block db access by IP and username
Date: Tue, 1 Sep 2009 04:15:58 +0530 (IST)
Use this option; it's very efficient.
Use the parameter TCP.EXCLUDED_NODES to specify which clients are denied access to the database.
Syntax:
TCP.EXCLUDED_NODES=(hostname | ip_address, hostname | ip_address, ...)
Example:
TCP.EXCLUDED_NODES=(finance.us.acme.com, mktg.us.acme.com, 184.108.40.206)
Use the parameter TCP.INVITED_NODES to specify which clients are allowed access to the database. This list takes precedence over the TCP.EXCLUDED_NODES parameter if both lists are present.
Syntax:
TCP.INVITED_NODES=(hostname | ip_address, hostname | ip_address, ...)
Example:
TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 220.127.116.11)
From: "Goulet, Richard" <Richard.Goulet_at_parexel.com>
To: gabriel.aragon_at_ge.com; oracle-l_at_freelists.org
Sent: Monday, August 31, 2009 1:00:53 PM
Subject: RE: Block db access by IP and username
"I was thinking about using an after logon trigger to detect username and IP and kill session if it doesn't fit with required values, but I think this is a little bit rude."
DBA/NA Team Lead
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Aragon, Gabriel (GE, Corporate, consultant)
Sent: Monday, August 31, 2009 3:53
Subject: Block db access by IP
Long time no checking this list. I have a security question. I need to block access to db by IP and username, let's say that I need that user XXXX can connect ONLY from IP aaa.bbb.ccc.ddd, that is, if user XXXX wants to connect from another IP, access will be denied.
I was thinking about using an after logon trigger to detect username and IP and kill session if it doesn't fit with required values, but I think this is a little bit rude. The other option I verified was using sqlnet.ora configuration but this only filters by IP and I would have to add all possible IPs but doesn't filter users, and this is not what I need.
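The per-user, per-IP restriction asked about in the thread, sketched as an after-logon trigger. This is an added example, not code posted by any list member; the schema `sec_admin`, the table `login_ip_allowlist`, the trigger name, the error number and the sample address are assumptions.

```sql
-- Hypothetical allowlist: one row per (user, permitted client IP).
CREATE TABLE sec_admin.login_ip_allowlist (
  username   VARCHAR2(128) NOT NULL,
  ip_address VARCHAR2(45)  NOT NULL,
  CONSTRAINT login_ip_allowlist_pk PRIMARY KEY (username, ip_address)
);

-- Constructed sample row: XXXX may connect only from this documentation address.
INSERT INTO sec_admin.login_ip_allowlist (username, ip_address)
VALUES ('XXXX', '192.0.2.10');
COMMIT;

CREATE OR REPLACE TRIGGER sec_admin.enforce_login_ip
AFTER LOGON ON DATABASE
DECLARE
  v_user    VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip      VARCHAR2(45)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_listed  PLS_INTEGER;
  v_allowed PLS_INTEGER;
BEGIN
  -- Users with no allowlist rows are unrestricted; only listed users are checked.
  SELECT COUNT(*) INTO v_listed
    FROM sec_admin.login_ip_allowlist
   WHERE username = v_user;

  IF v_listed > 0 THEN
    -- IP_ADDRESS is NULL for local (bequeath) connections, so a restricted
    -- user connecting locally matches no row and is rejected too.
    SELECT COUNT(*) INTO v_allowed
      FROM sec_admin.login_ip_allowlist
     WHERE username = v_user
       AND ip_address = v_ip;

    IF v_allowed = 0 THEN
      -- An unhandled error in a logon trigger refuses the session. Accounts
      -- holding ADMINISTER DATABASE TRIGGER (e.g. DBAs) are still let in.
      RAISE_APPLICATION_ERROR(-20001,
        'Login for ' || v_user || ' is not permitted from this address');
    END IF;
  END IF;
END;
/
```

The sqlnet.ora node lists quoted earlier in the thread are only enforced when TCP.VALIDNODE_CHECKING=YES is also set, and they can sit in front of a trigger like this as a coarse network-level filter.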